package com.example.shirospringboot.config;

import java.util.List;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.BearerToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.example.shirospringboot.mapper.RolePermissionMapper;
import com.example.shirospringboot.mapper.SysUserMapper;
import com.example.shirospringboot.mapper.SysUserRoleMapper;
import com.example.shirospringboot.model.Permission;
import com.example.shirospringboot.model.SysUser;
import com.example.shirospringboot.model.UserRole;
import com.example.shirospringboot.util.JWTUtil;

@Component
public class JWTRealm  extends AuthorizingRealm {
    @Autowired
    private  JWTUtil jwtUtil;
    
    @Autowired
    private SysUserMapper sysUserMapper;
    
    @Autowired
    private SysUserRoleMapper sysUserRoleMapper;
    
    @Autowired
    private RolePermissionMapper rolePermissionMapper;
    
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof BearerToken;
    }
    
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        WrapperSysUser principal = (WrapperSysUser)principals.getPrimaryPrincipal();
        Integer userId = principal.getSysUser().getUserid();
        //获取角色信息
        List<UserRole> userRoles = sysUserRoleMapper.selectRolesByUserId(userId);
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        userRoles.forEach(userRole -> {
            simpleAuthorizationInfo.addRole(userRole.getRoleName());
        });
    
        //获取权限信息
        List<Permission> permissionByUsername = rolePermissionMapper.getPermissionByUserId(userId);
        permissionByUsername.forEach(permission -> {
            simpleAuthorizationInfo.addStringPermission(permission.getPermissionName());
        });
    
        return simpleAuthorizationInfo;
    }
    
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String token = (String) authenticationToken.getPrincipal();
        int userId = jwtUtil.getUserIdByToken(token);
        SysUser sysUser = sysUserMapper.selectByPrimaryKey(userId);
    
        if(sysUser.getLocked() != null && sysUser.getLocked()){
            throw new LockedAccountException("该用户已经被锁定");
        }
    
        //验证token是否被修改了
        if(!jwtUtil.verify(token, sysUser.getPassowrd())){
            throw new AuthenticationException("不合法身份或者身份凭证过期");
        }
    
        return new SimpleAuthenticationInfo(new WrapperSysUser(token, sysUser), token, sysUser.getRealName());
    }
}
